Highlights
– Al Qaeda operative used a simple “10-code” encryption scheme to conceal other al Qaeda operatives’ contact information
– Operative used pre-paid calling cards, web-based e-mail accounts, and an “anonymizer” computer program to conceal information, communications, and research
– Al Qaeda will employ new technologies in its operations, but will continue to use simple encoding schemes in future terrorist operations
In a plea agreement with the United States (US) Justice Department filed in US District Court on April 30, 2009, Ali Saleh Kahlah Marri admitted to working as a sleeper agent for the al Qaeda terrorist group and providing material support and resources to the terrorist organization. Prosecutors detailed the simple encryption scheme dubbed “10-code” al-Marri used to disguise telephone numbers and e-mail addresses used by Khalid Shaikh Mohammed (KSM), the self-proclaimed September 11th mastermind, and Mustafa Ahmed Hawsawi, chief financier of the attacks.
Al-Marri simply subtracted 10 from each digit of a phone number to arrive at the encoded value, which he then stored in his personal digital assistant (PDA) to avoid detection should his cover become compromised. Al-Marri also used the “10-code” and aliases to disguise free web-based e-mail addresses and fake aliases he created to communicate with KSM and al-Hawsawi. Details of the pre-arranged code were later found in an address book in an al Qaeda safehouse in Pakistan.
The details of al-Marri’s post-September 11th, 2001 attack plans showcase the rather simple encryption schemes employed by al Qaeda to disguise contact information, even though free or low-cost encryption software such as Pretty Good Privacy (PGP) has been available since the early 1990s. For unknown reasons, al Qaeda and its operatives decided against using encryption software.
The use of simple encryption techniques – reliable, easy to remember, and quick to decipher – may pose a problem for future investigations as there appears to be a tendency by government investigators to expect technically sophisticated behavior from terrorist groups. Law enforcement will continue facing the challenge of remaining cognizant of the flexible and ever-changing methods that terrorists employ to circumvent detection.
Operative Moves To US
After several years of training at al Qaeda terrorist camps, al-Marri was approached by KSM in 2001 to assist the group with operations in the US. Following several months of planning, al-Marri arrived in the US with his family on a student visa on September 10, 2001. He applied to Bradley University in Peoria, Illinois online using the same e-mail address he used to communicate with KSM.
Al-Marri rarely attended class, instead using his time to communicate with KSM, research various cyanide compounds online, and determine suitable locations from which to launch attacks. Using pre-paid calling cards, al-Marri placed phone calls from payphones all throughout central and northern Illinois. Al-Marri continued planning his future attacks even though he was interviewed by the FBI on October 2, 2001.
Planning Attacks
Using an Internet “anonymizer” program on his laptop computer, al-Marri visited multiple websites to educate himself on various cyanide compounds including their toxicity level, and where they could be purchased and at what price. Al-Marri also researched various commercial uses for the substance in a possible attempt to craft a viable cover story for his future purchases.
Al-Marri was arrested on December 12, 2001 on charges of credit card fraud and lying to the FBI. Following his arrest, investigators found an almanac containing bookmarks of dams, waterways and tunnels inside his residence.
Al-Marri had been held as an “enemy combatant” since his arrest in December 2001. Following President Barack Obama’s inauguration, he was charged in federal court and indicted on two counts including conspiracy to provide material support and resources to a foreign terrorist organization and providing material support and resources to a foreign terrorist organization.
Al Qaeda to Continue to Employ Simple Encryption Schemes
We expect al Qaeda will continue to employ a combination of new and old technologies in its training, recruitment, planning, and commission of terrorist attacks in the long term.
The November 2008 Lashkar-e-Taiba (LeT) terrorist attack in Mumbai, India showcased how the extensive use of technologies such as global positioning system (GPS) devices, Voice-Over-IP (VOIP) phones, and compact discs (CDs) containing high-resolution satellite images allowed the attackers to increase the coordination and success of their attacks. The successful use of technology in this attack will likely spur al Qaeda and other terrorist groups into increasing their use of technology in future terrorist attacks.
However, the use of simple encryption schemes and decades-old technologies, such as pre-paid phone cards, can be just as effective in providing terrorists with a cloak of secrecy to carry out their operations and should not be overlooked by investigators and intelligence officials.